Malware Drop, Ransomware Rise Forecast for 2014

There's a growing contingent advocating a more proactive approach to system security, driven largely by frustration. "We haven't improved the defenses of business organizations in any way," said Andrew Kellett, a principal analyst with Ovum. "We continue to find it difficult to detect security breaches. ... We're not doing the proactive stuff very well."

By John P. Mello Jr.
Dec 9, 2013 11:24 AM PT

A malware decline and ransomware rise are in the security crystal ball for 2014.

There will be less malware spreading through networks next year as hackers focus on obtaining credentials that allow them to access systems under the guise of authentic users.

"Malware will still be important in establishing a foothold in the network, but we don't see malware moving laterally in networks and infecting every computer as we saw a couple of years ago," Alex Watson, director of Websense, told TechNewsWorld.

"Malware will be used as a tool to grab credentials and walk in the front door," he said.

That can make things very difficult for system defenders.

"The existing methods for identifying attacks are largely based on the characteristics of their malware," Watson explained. "What happens when there isn't any malware to detect in the attack?"
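When the intruder is a valid account rather than a malicious binary, the signal has to come from how the account behaves. The script below is an added example, not code from the article or from Websense: it runs two behavioural checks over a constructed authentication log (an account authenticating from a source host it never used during a baseline period, and an account fanning out to an unusual number of hosts in a short window). The log format, field names, cutoff date and thresholds are all assumptions made for this example.

```python
"""Detect credentialed lateral movement from authentication logs.

Added example: with stolen credentials there is no malware signature to
match, so detection rests on behaviour.  Two heuristics are implemented:
  1. new source: a successful login from a source host the account never
     used before the baseline cutoff, and
  2. fan-out: one account reaching more than `max_hosts` distinct
     destinations inside `window`.
Log format, field names and thresholds are assumptions for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data):
# "<ISO timestamp> user=<name> src=<host> dst=<host> result=<ok|fail>"
SAMPLE_LOG = """\
2013-12-02T08:01:10 user=alice src=ws-alice dst=fileserver01 result=ok
2013-12-02T08:05:42 user=bob src=ws-bob dst=fileserver01 result=ok
2013-12-02T09:15:00 user=alice src=ws-alice dst=mail01 result=ok
2013-12-03T08:02:33 user=alice src=ws-alice dst=fileserver01 result=ok
2013-12-03T10:20:11 user=bob src=ws-bob dst=db01 result=ok
2013-12-09T02:10:05 user=bob src=ws-alice dst=fileserver01 result=ok
2013-12-09T02:10:31 user=bob src=ws-alice dst=db01 result=ok
2013-12-09T02:11:02 user=bob src=ws-alice dst=hr01 result=ok
2013-12-09T02:11:40 user=bob src=ws-alice dst=finance01 result=ok
2013-12-09T02:12:15 user=bob src=ws-alice dst=dc01 result=ok
2013-12-09T02:13:50 user=bob src=ws-alice dst=backup01 result=ok
"""


def parse_log(text):
    """Turn the key=value lines into dicts with a datetime under 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        fields["ts"] = datetime.fromisoformat(ts)
        events.append(fields)
    return events


def baseline_sources(events, until):
    """user -> set of source hosts used in successful logins before `until`."""
    seen = defaultdict(set)
    for e in events:
        if e["ts"] < until and e["result"] == "ok":
            seen[e["user"]].add(e["src"])
    return seen


def detect_new_source(events, baseline, since):
    """Successful logins at/after `since` from a source absent from the baseline."""
    alerts = []
    for e in events:
        if (e["ts"] >= since and e["result"] == "ok"
                and e["src"] not in baseline.get(e["user"], set())):
            alerts.append((e["user"], e["src"], e["dst"]))
    return alerts


def detect_fan_out(events, window=timedelta(minutes=10), max_hosts=4):
    """Accounts that reach more than `max_hosts` distinct hosts within `window`."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "ok":
            by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            hosts = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(hosts) > max_hosts:
                alerts.append((user, start["ts"], sorted(hosts)))
                break  # one alert per account is enough
    return alerts


def analyze(log_text, cutoff="2013-12-09T00:00:00"):
    """Run both checks; everything before `cutoff` is treated as baseline."""
    events = parse_log(log_text)
    cutoff_ts = datetime.fromisoformat(cutoff)
    baseline = baseline_sources(events, cutoff_ts)
    return {
        "new_source": detect_new_source(events, baseline, cutoff_ts),
        "fan_out": detect_fan_out(events),
    }


if __name__ == "__main__":
    for kind, alerts in analyze(SAMPLE_LOG).items():
        for a in alerts:
            print(kind, a)
```

In the constructed log, "bob" logs in from alice's workstation to six servers in under four minutes; neither check needs a hash, a file name or any other malware artifact to raise it.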

Victim Hotline

Even if broad use of malware declines, one form of bad app that appears likely to rise is ransomware. That's largely due to the success this year of Cryptolocker.

"Since it has been successful, there'll be more attacks of that nature in the months to come -- especially if no one gets arrested," Fred Touchette, a security analyst with AppRiver, told TechNewsWorld.

"The spread, the effectiveness of the encryption, and the fact it even looks for mapped drives to encrypt are all indicators that some criminal gangs are substantially investing in this area," said Rik Ferguson, global vice president of security research at Trend Micro.

"In fact, just recently they have even gone so far as to set up a help line for victims to call if they need help in recovering their files," he told TechNewsWorld.

Making matters worse, data abductors will be refining how ransomware is distributed next year, Ferguson continued.

"Right now, it appears that Cryptolocker has a unique distributor, but expect Cryptolocker and several new variants to appear next year and to take advantage of the partnerka, or affiliate network system, that served so well for Fake AV, the bogus security software that was everywhere a couple of years ago," he warned.

"This will really increase the rate of ransomware infections," said Ferguson, "as large numbers of criminal affiliates motivated by their share of the profits will be actively using SEO techniques to poison your search results."
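The two traits Ferguson singles out above, effective encryption and a hunt for mapped drives, are also what gives this kind of malware away on a host even when its binary has never been seen. The following is an added example, not code from the article or from Trend Micro: it scores a constructed stream of file-write events and flags a process that rewrites many files with near-random content in a short window, noting whether a drive other than C: was touched. The event format, the entropy cutoff, the burst size and the "C: is local" assumption are all choices made for this example.

```python
"""Flag a process that rewrites many files with high-entropy content.

Added example.  A Cryptolocker-style encryptor leaves a behavioural trace:
one process overwrites a large number of user files in a short time, and
the new contents are near-random where the old contents were structured.
A single high-entropy write (a compressed archive, say) is normal; a burst
of them from one process across several drives is not.
Event format, thresholds and the local-drive assumption are made up here.
"""
import math
from collections import defaultdict
from datetime import datetime, timedelta


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Constructed payloads: structured text, and a stand-in for ciphertext in
# which every byte value is equally likely (entropy exactly 8.0).
PLAINTEXT = b"Quarterly report: revenue up 4% on stronger EMEA sales.\n" * 8
CIPHERTEXT = bytes(range(256)) * 2


def constructed_events():
    """(timestamp, process, path, first bytes of new content) -- constructed, not real."""
    base = datetime(2013, 12, 9, 14, 30, 0)
    events = [
        (base, "winword.exe", r"C:\Users\jane\Documents\report.docx", PLAINTEXT),
        (base + timedelta(seconds=20), "excel.exe", r"C:\Users\jane\Documents\budget.xlsx", PLAINTEXT),
        # legitimate high-entropy write: one compressed archive, no burst
        (base + timedelta(seconds=900), "7z.exe", r"C:\Users\jane\Downloads\archive.7z", CIPHERTEXT),
    ]
    # the suspicious burst: one process, ten files, local disk plus a mapped drive, ~30 seconds
    targets = [r"C:\Users\jane\Documents\%s" % n for n in ("a.doc", "b.doc", "c.xls", "d.pdf", "e.jpg")]
    targets += [r"Z:\shared\finance\%s" % n for n in ("q1.xls", "q2.xls", "q3.xls", "q4.xls", "plan.doc")]
    for i, path in enumerate(targets):
        events.append((base + timedelta(seconds=1200 + 3 * i), "2f4a.exe", path, CIPHERTEXT))
    return events


def detect_encryption_bursts(events, entropy_min=7.0,
                             window=timedelta(seconds=60), min_files=8):
    """Processes writing >= min_files distinct high-entropy files inside `window`."""
    high = defaultdict(list)
    for ts, proc, path, head in events:
        if shannon_entropy(head) >= entropy_min:
            high[proc].append((ts, path))
    alerts = []
    for proc, writes in high.items():
        writes.sort()
        for i, (start, _) in enumerate(writes):
            in_window = {p for t, p in writes[i:] if t - start <= window}
            if len(in_window) >= min_files:
                # drive letter before ':'; anything other than C: is treated as mapped (assumption)
                drives = sorted({p.split(":", 1)[0].upper() for p in in_window if ":" in p})
                alerts.append({"process": proc, "start": start, "files": len(in_window),
                               "drives": drives, "mapped_drive": any(d != "C" for d in drives)})
                break  # one alert per process
    return alerts


if __name__ == "__main__":
    for alert in detect_encryption_bursts(constructed_events()):
        print(alert)
```

The archive written by 7z.exe has the same entropy as the ransomware output, which is why entropy alone is not the test; the count of files per process per window is what separates the two, and the mapped-drive flag is what tells the responder that the file server needs attention too.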

Chokepoint Attacks

Malware won't be the only malicious activity declining in 2014. The size of Distributed Denial of Service (DDoS) attacks could fall, too.

Attackers are beginning to identify the chokepoints at websites they target for a DDoS foray.

"That allows them to magnify the effectiveness of their attacks without making the amount of traffic to a site go up," Catherine Pearce, a security consultant with Neohapsis, told TechNewsWorld.

"Webmasters will find that a tiny proportion of their traffic is taking up a ridiculously significant level of their site's resources," she added.
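The symptom Pearce describes, a small slice of requests consuming most of the server's time, is invisible in a request-count graph but easy to see once each request is weighed by how long it took. The script below is an added example, not code from the article or from Neohapsis: it reads access-log lines that carry the request service time, computes each client's and each path's share of requests against its share of server time, and flags the ones whose time share dwarfs their request share. The log layout (combined log plus service time in microseconds at the end of the line), the sample lines and the flagging threshold are assumptions made for this example.

```python
"""Find the 'tiny proportion of traffic' that eats the server's time.

Added example.  A chokepoint attack does not show up as a traffic spike;
it shows up as a few requests with a very large cost.  This reads access
log lines of the form

  <ip> - - [<ts>] "<method> <path> HTTP/1.x" <status> <bytes> <usec>

(combined log with the service time in microseconds appended, as Apache's
%D would produce; an assumption for this example) and reports, per client
and per path, the ratio of time share to request share.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) (?P<usec>\d+)$'
)


def constructed_log():
    """Constructed sample: 200 cheap requests from 20 clients, plus 3 very slow ones."""
    lines = []
    for i in range(200):
        ip = "198.51.100.%d" % (i % 20 + 1)
        path = ["/", "/index.html", "/css/site.css", "/images/logo.png"][i % 4]
        usec = 3000 + (i * 37) % 5000          # 3 to 8 ms, deterministic
        lines.append('%s - - [09/Dec/2013:11:%02d:%02d -0800] "GET %s HTTP/1.1" 200 %d %d'
                     % (ip, i // 60, i % 60, path, 1024 + i, usec))
    for j in range(3):
        # three requests to an expensive search, five seconds of server time each
        lines.append('203.0.113.7 - - [09/Dec/2013:11:05:%02d -0800] '
                     '"GET /search?q=%%25%%25%%25&sort=relevance HTTP/1.1" 200 51200 5000000'
                     % (10 + j))
    return lines


def parse(lines):
    """Parse log lines; lines without a trailing service time are skipped."""
    rows = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["usec"] = int(d["usec"])
            d["path"] = d["path"].split("?", 1)[0]  # group by endpoint, not by query
            rows.append(d)
    return rows


def cost_report(rows, key, min_amplification=10.0):
    """Per value of `key` ('ip' or 'path'): request share, time share, their ratio, and a flag."""
    reqs = defaultdict(int)
    usec = defaultdict(int)
    for r in rows:
        reqs[r[key]] += 1
        usec[r[key]] += r["usec"]
    total_reqs = len(rows)
    total_usec = sum(usec.values())
    report = []
    for k in reqs:
        req_share = reqs[k] / total_reqs
        time_share = usec[k] / total_usec
        amp = time_share / req_share
        report.append({"key": k, "requests": reqs[k], "req_share": req_share,
                       "time_share": time_share, "amplification": amp,
                       "flag": amp >= min_amplification})
    report.sort(key=lambda x: x["amplification"], reverse=True)
    return report


if __name__ == "__main__":
    rows = parse(constructed_log())
    for key in ("ip", "path"):
        for entry in cost_report(rows, key):
            if entry["flag"]:
                print("%s=%s: %d requests, %.1f%% of requests, %.1f%% of server time"
                      % (key, entry["key"], entry["requests"],
                         100 * entry["req_share"], 100 * entry["time_share"]))
```

In the constructed data the attacker sends about 1.5% of the requests and accounts for over 90% of the server time; the same three lines would be lost in a plain hits-per-client ranking. The same report keyed by path is what tells the webmaster which endpoint to rate-limit or cache.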

Another trend drew a dire prediction. For some time now, there's been a growing contingent in the security community advocating a more proactive approach to dealing with system attackers. That's largely driven by frustration.

"We haven't improved the defenses of business organizations in any way," Andrew Kellett, a principal analyst with Ovum, told TechNewsWorld.

"We continue to find it difficult to detect security breaches," he added. "Reports show that we're no better in 2013 in detecting when a security breach is taking place than we were in 2009, so we're not doing the proactive stuff very well."

Gray Hats

Just how badly that proactive stuff can go will be seen in 2014, said Websense's Watson, who predicted that an innocent organization will be harmed by White Hats aiming to hurt Net raiders.

"There's a much greater likelihood of organizations being caught in the crossfire here than there would be of offensive security measures being successful," Websense's Watson observed.

Moreover, when offensive operations are conducted, they can discolor a security organization's millinery.

"It's hard to have the moral high ground when you're doing the same thing to someone that you're condemning them for doing," Watson said.

Breach Diary

Dec. 2. U.S. District Judge Jon Tigar rejects a lawsuit by Kathleen Haskins claiming Symantec hid a vulnerability in its software that left its customers open to cyberattacks.

Dec. 3. D-Link releases patches to close a backdoor in the firmware for several of its routers that allowed access to them without an administrative password.

Dec. 3. Governing board of the Maricopa County Community College District in Arizona approves US$7 million for expenses related to a data breach affecting 2.5 million students, former students, employees and vendors of the district. Expenses include notifications, a call center and a free year of credit-monitoring and identity theft protection services.

Dec. 3. University of Washington Medical School notifies some 90,000 patients of possible unauthorized access to their healthcare records in a data breach resulting from a malware infection.

Dec. 3. Vodafone Iceland announces it is working with law enforcement authorities in a probe of a data breach that resulted in the release of text messages from 5,000 customers, including government officials, and the passwords of 70,000 accounts.

Dec. 3. World Law Group launches an online guide to data breach notifications that includes summaries of laws and regulations relating to data breaches in 43 jurisdictions around the world.

Dec. 4. J.P. Morgan issues notifications to nearly 500,000 of its UCard users due to a data breach that occurred in July. New cards would not be issued to the users because there's no evidence any funds were stolen, the company said. UCards are used by states to process payroll, child support payments, welfare payments, education assistance payments, unemployment payments and tax refunds.

Dec. 5. Microsoft, the FBI and Europol announce the disruption of the ZeroAccess botnet, blamed for defrauding online advertisers of $2.7 million a month. Totally eradicating the network will be difficult because of its complexity, Microsoft said.